Òscar Flores
2015-Jan-22 19:46 UTC
[Samba] net rpc rights list - could not connect to server 127.0.0.1
I had already checked these files (smb.conf, krb5.conf, hosts) and they match each other, but the error still appears... Is there anything else I can check? Thanks -----Mensaje original----- De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny Enviado el: jueves, 22 de enero de 2015 18:06 Para: samba at lists.samba.org Asunto: Re: [Samba] net rpc rights list - could not connect to server 127.0.0.1 On 22/01/15 16:44, ?scar Flores wrote:> But this command returns me the rights list of administrator in AD DC. > I need the "rights list" of administrator in "MEMBER2". > > Here some tests: > *From MEMBER2: > #net rpc rights list accounts ?Uadministrator Could not connect to > server > 127.0.0.1 The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE > > #net rpc rights list accounts ?Uadministrator -Smember1 MYDOMAIN > \Domain Admins > SeDiskOperatorPrivilege << WORKS > > From MEMBER1: > #net rpc rights list accounts ?Uadministrator MYDOMAIN \Domain Admins > SeDiskOperatorPrivilege << WORKS! > > # net rpc rights list accounts -Uadministrator > -Smember2.mydomain.local Could not connect to server > member2.mydomain.local The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE > > Thanks for your time! > Oscar > > -----Mensaje original----- > De: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny > Enviado el: jueves, 22 de enero de 2015 15:37 > Para: samba at lists.samba.org > Asunto: Re: [Samba] net rpc rights list - could not connect to server > 127.0.0.1 > > On 22/01/15 14:12, ?scar Flores wrote: >> Hi! >> >> I have some problems with my new member server>> >> >> >> This is my schema: >> >> >> >> -Doman Controller name is ?DC01? and realm name is ?MYDOMAIN.LOCAL? ? > WORKS! >> >> >> -Member server 1, name ?MEMBER1? ? WORKS! >> >> #net rpc rights list accounts ?Uadministrator >> >>>> >> MYDOMAIN\Domain Admins >> >> SeDiskOperatorPrivilege >> >>>> >> >> >> When I run this commandworks well and I can administrate my shares>> with ACL from another computer with Win7+RSAT >> >> >> >> - Member server 2, name ?MEMBER2? - FAIL! >> >> # net rpc rights list accounts ?Uadministrator >> >> Enter administrator's password: >> >> Could not connect to server 127.0.0.1 >> >> The username or password was not correct. >> >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> >> >> *The same error appears when I run this command: >> >> # net rpc rights grant 'MYDOMAIN\Domain Admins' >> SeDiskOperatorPrivilege -U'MYDOMAIN\administrator' >> >> Enter administrator's password: >> >> Could not connect to server 127.0.0.1 >> >> The username or password was not correct. >> >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> >> >> I don?t know what happens with MEMBER2 because I followed the same >> instructions on both servers (MEMBER1 & MEMBER2) >> >> 1- The 3 servers are installed with ?Ubuntu 14.04.1 LTS? + ?samba >> 4.1.6? >> >> 2- https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >> >> and then>> >> 3- >> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with >> _ >> Window >> s_ACLs >> >> but I stopped in ?SeDiskOperatorPrivilege?L>> >> >> >> Any idea? Somebody can help me? >> >> Thanks in advance! >> >> Oscar >> >> >> > Try adding '-I <AD DC ipaddress>' > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Ah yes, see what you mean, must engage brain and read the posts properly before answering :-) If one member server works and the other doesn't, it would seem that there must be something different between the two machines, all I can suggest at the moment is to compare the relevant files (smb.conf, krb5.conf, hosts etc) and make sure that they match (where they should). Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2015-Jan-22 20:15 UTC
[Samba] net rpc rights list - could not connect to server 127.0.0.1
On 22/01/15 19:46, ?scar Flores wrote:> I had already checked these files (smb.conf, krb5.conf, hosts) and they > match each other, but the error still appears... > Is there anything else I can check? > Thanks > > -----Mensaje original----- > De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] En > nombre de Rowland Penny > Enviado el: jueves, 22 de enero de 2015 18:06 > Para: samba at lists.samba.org > Asunto: Re: [Samba] net rpc rights list - could not connect to server > 127.0.0.1 > > On 22/01/15 16:44, ?scar Flores wrote: >> But this command returns me the rights list of administrator in AD DC. >> I need the "rights list" of administrator in "MEMBER2". >> >> Here some tests: >> *From MEMBER2: >> #net rpc rights list accounts ?Uadministrator Could not connect to >> server >> 127.0.0.1 The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> #net rpc rights list accounts ?Uadministrator -Smember1 MYDOMAIN >> \Domain Admins >> SeDiskOperatorPrivilege << WORKS >> >> From MEMBER1: >> #net rpc rights list accounts ?Uadministrator MYDOMAIN \Domain Admins >> SeDiskOperatorPrivilege << WORKS! >> >> # net rpc rights list accounts -Uadministrator >> -Smember2.mydomain.local Could not connect to server >> member2.mydomain.local The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> Thanks for your time! >> Oscar >> >> -----Mensaje original----- >> De: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny >> Enviado el: jueves, 22 de enero de 2015 15:37 >> Para: samba at lists.samba.org >> Asunto: Re: [Samba] net rpc rights list - could not connect to server >> 127.0.0.1 >> >> On 22/01/15 14:12, ?scar Flores wrote: >>> Hi! >>> >>> I have some problems with my new member server? >>> >>> >>> >>> This is my schema: >>> >>> >>> >>> -Doman Controller name is ?DC01? and realm name is ?MYDOMAIN.LOCAL? ? >> WORKS! >>> >>> >>> -Member server 1, name ?MEMBER1? ? WORKS! >>> >>> #net rpc rights list accounts ?Uadministrator >>> >>> ? >>> >>> MYDOMAIN\Domain Admins >>> >>> SeDiskOperatorPrivilege >>> >>> ? >>> >>> >>> >>> When I run this command? works well and I can administrate my shares >>> with ACL from another computer with Win7+RSAT >>> >>> >>> >>> - Member server 2, name ?MEMBER2? - FAIL! >>> >>> # net rpc rights list accounts ?Uadministrator >>> >>> Enter administrator's password: >>> >>> Could not connect to server 127.0.0.1 >>> >>> The username or password was not correct. >>> >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> >>> *The same error appears when I run this command: >>> >>> # net rpc rights grant 'MYDOMAIN\Domain Admins' >>> SeDiskOperatorPrivilege -U'MYDOMAIN\administrator' >>> >>> Enter administrator's password: >>> >>> Could not connect to server 127.0.0.1 >>> >>> The username or password was not correct. >>> >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> >>> I don?t know what happens with MEMBER2 because I followed the same >>> instructions on both servers (MEMBER1 & MEMBER2) >>> >>> 1- The 3 servers are installed with ?Ubuntu 14.04.1 LTS? + ?samba >>> 4.1.6? >>> >>> 2- https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>> >>> and then? >>> >>> 3- >>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with >>> _ >>> Window >>> s_ACLs >>> >>> but I stopped in ?SeDiskOperatorPrivilege?? L >>> >>> >>> >>> Any idea? Somebody can help me? >>> >>> Thanks in advance! >>> >>> Oscar >>> >>> >>> >> Try adding '-I <AD DC ipaddress>' >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > Ah yes, see what you mean, must engage brain and read the posts properly > before answering :-) > > If one member server works and the other doesn't, it would seem that there > must be something different between the two machines, all I can suggest at > the moment is to compare the relevant files (smb.conf, krb5.conf, hosts etc) > and make sure that they match (where they should). > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Well, these are the packages I install on Debian wheezy for a member server: acl attr quota samba samba-vfs-modules samba-common-bin samba-common samba-libs libwbclient0 samba-dsdb-modules libnss-winbind smbclient libpam-winbind libsmbclient winbind krb5-config libpam-krb5 krb5-user and these are the files I alter/check /etc/hosts /etc/resolv.conf /etc/samba/smb.conf /etc/samba/user.map /etc/krb5.conf /etc/nsswitch.conf user.map contains one line: !root = DOMAIN\Administrator DOMAIN\administrator Administrator administrator Both of the member servers that I can check work, it works on both of my DC's, so I can only think that it is either something mis-configured or a version mis-match or something is missing. Rowland
Òscar Flores
2015-Feb-16 14:23 UTC
[Samba] net rpc rights list - could not connect to server 127.0.0.1
SOLVED! The solution is here >> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting Thank you for your help Rowland! Oscar -----Mensaje original----- De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny Enviado el: jueves, 22 de enero de 2015 21:16 Para: samba at lists.samba.org Asunto: Re: [Samba] net rpc rights list - could not connect to server 127.0.0.1 On 22/01/15 19:46, ?scar Flores wrote:> I had already checked these files (smb.conf, krb5.conf, hosts) and > they match each other, but the error still appears... > Is there anything else I can check? > Thanks > > -----Mensaje original----- > De: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny > Enviado el: jueves, 22 de enero de 2015 18:06 > Para: samba at lists.samba.org > Asunto: Re: [Samba] net rpc rights list - could not connect to server > 127.0.0.1 > > On 22/01/15 16:44, ?scar Flores wrote: >> But this command returns me the rights list of administrator in AD DC. >> I need the "rights list" of administrator in "MEMBER2". >> >> Here some tests: >> *From MEMBER2: >> #net rpc rights list accounts ?Uadministrator Could not connect to >> server >> 127.0.0.1 The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> #net rpc rights list accounts ?Uadministrator -Smember1 MYDOMAIN >> \Domain Admins >> SeDiskOperatorPrivilege << WORKS >> >> From MEMBER1: >> #net rpc rights list accounts ?Uadministrator MYDOMAIN \Domain Admins >> SeDiskOperatorPrivilege << WORKS! >> >> # net rpc rights list accounts -Uadministrator >> -Smember2.mydomain.local Could not connect to server >> member2.mydomain.local The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> Thanks for your time! >> Oscar >> >> -----Mensaje original----- >> De: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny >> Enviado el: jueves, 22 de enero de 2015 15:37 >> Para: samba at lists.samba.org >> Asunto: Re: [Samba] net rpc rights list - could not connect to server >> 127.0.0.1 >> >> On 22/01/15 14:12, ?scar Flores wrote: >>> Hi! >>> >>> I have some problems with my new member server>>> >>> >>> >>> This is my schema: >>> >>> >>> >>> -Doman Controller name is ?DC01? and realm name is ?MYDOMAIN.LOCAL? >>> ? >> WORKS! >>> >>> >>> -Member server 1, name ?MEMBER1? ? WORKS! >>> >>> #net rpc rights list accounts ?Uadministrator >>> >>>>>> >>> MYDOMAIN\Domain Admins >>> >>> SeDiskOperatorPrivilege >>> >>>>>> >>> >>> >>> When I run this commandworks well and I can administrate my shares>>> with ACL from another computer with Win7+RSAT >>> >>> >>> >>> - Member server 2, name ?MEMBER2? - FAIL! >>> >>> # net rpc rights list accounts ?Uadministrator >>> >>> Enter administrator's password: >>> >>> Could not connect to server 127.0.0.1 >>> >>> The username or password was not correct. >>> >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> >>> *The same error appears when I run this command: >>> >>> # net rpc rights grant 'MYDOMAIN\Domain Admins' >>> SeDiskOperatorPrivilege -U'MYDOMAIN\administrator' >>> >>> Enter administrator's password: >>> >>> Could not connect to server 127.0.0.1 >>> >>> The username or password was not correct. >>> >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> >>> I don?t know what happens with MEMBER2 because I followed the same >>> instructions on both servers (MEMBER1 & MEMBER2) >>> >>> 1- The 3 servers are installed with ?Ubuntu 14.04.1 LTS? + ?samba >>> 4.1.6? >>> >>> 2- https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>> >>> and then>>> >>> 3- >>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_wit >>> h >>> _ >>> Window >>> s_ACLs >>> >>> but I stopped in ?SeDiskOperatorPrivilege?L>>> >>> >>> >>> Any idea? Somebody can help me? >>> >>> Thanks in advance! >>> >>> Oscar >>> >>> >>> >> Try adding '-I <AD DC ipaddress>' >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > Ah yes, see what you mean, must engage brain and read the posts > properly before answering :-) > > If one member server works and the other doesn't, it would seem that > there must be something different between the two machines, all I can > suggest at the moment is to compare the relevant files (smb.conf, > krb5.conf, hosts etc) and make sure that they match (where they should). > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Well, these are the packages I install on Debian wheezy for a member server: acl attr quota samba samba-vfs-modules samba-common-bin samba-common samba-libs libwbclient0 samba-dsdb-modules libnss-winbind smbclient libpam-winbind libsmbclient winbind krb5-config libpam-krb5 krb5-user and these are the files I alter/check /etc/hosts /etc/resolv.conf /etc/samba/smb.conf /etc/samba/user.map /etc/krb5.conf /etc/nsswitch.conf user.map contains one line: !root = DOMAIN\Administrator DOMAIN\administrator Administrator administrator Both of the member servers that I can check work, it works on both of my DC's, so I can only think that it is either something mis-configured or a version mis-match or something is missing. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Òscar Flores
2015-Feb-16 14:37 UTC
[Samba] net rpc rights list - could not connect to server 127.0.0.1
SOLVED! The solution is here >> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting Thank you for your help Rowland! Oscar -----Mensaje original----- De: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny Enviado el: jueves, 22 de enero de 2015 21:16 Para: samba at lists.samba.org Asunto: Re: [Samba] net rpc rights list - could not connect to server 127.0.0.1 On 22/01/15 19:46, ?scar Flores wrote:> I had already checked these files (smb.conf, krb5.conf, hosts) and > they match each other, but the error still appears... > Is there anything else I can check? > Thanks > > -----Mensaje original----- > De: samba-bounces at lists.samba.org > [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny > Enviado el: jueves, 22 de enero de 2015 18:06 > Para: samba at lists.samba.org > Asunto: Re: [Samba] net rpc rights list - could not connect to server > 127.0.0.1 > > On 22/01/15 16:44, ?scar Flores wrote: >> But this command returns me the rights list of administrator in AD DC. >> I need the "rights list" of administrator in "MEMBER2". >> >> Here some tests: >> *From MEMBER2: >> #net rpc rights list accounts ?Uadministrator Could not connect to >> server >> 127.0.0.1 The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> #net rpc rights list accounts ?Uadministrator -Smember1 MYDOMAIN >> \Domain Admins >> SeDiskOperatorPrivilege << WORKS >> >> From MEMBER1: >> #net rpc rights list accounts ?Uadministrator MYDOMAIN \Domain Admins >> SeDiskOperatorPrivilege << WORKS! >> >> # net rpc rights list accounts -Uadministrator >> -Smember2.mydomain.local Could not connect to server >> member2.mydomain.local The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> >> Thanks for your time! >> Oscar >> >> -----Mensaje original----- >> De: samba-bounces at lists.samba.org >> [mailto:samba-bounces at lists.samba.org] En nombre de Rowland Penny >> Enviado el: jueves, 22 de enero de 2015 15:37 >> Para: samba at lists.samba.org >> Asunto: Re: [Samba] net rpc rights list - could not connect to server >> 127.0.0.1 >> >> On 22/01/15 14:12, ?scar Flores wrote: >>> Hi! >>> >>> I have some problems with my new member server>>> >>> >>> >>> This is my schema: >>> >>> >>> >>> -Doman Controller name is ?DC01? and realm name is ?MYDOMAIN.LOCAL? >>> ? >> WORKS! >>> >>> >>> -Member server 1, name ?MEMBER1? ? WORKS! >>> >>> #net rpc rights list accounts ?Uadministrator >>> >>>>>> >>> MYDOMAIN\Domain Admins >>> >>> SeDiskOperatorPrivilege >>> >>>>>> >>> >>> >>> When I run this commandworks well and I can administrate my shares>>> with ACL from another computer with Win7+RSAT >>> >>> >>> >>> - Member server 2, name ?MEMBER2? - FAIL! >>> >>> # net rpc rights list accounts ?Uadministrator >>> >>> Enter administrator's password: >>> >>> Could not connect to server 127.0.0.1 >>> >>> The username or password was not correct. >>> >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> >>> *The same error appears when I run this command: >>> >>> # net rpc rights grant 'MYDOMAIN\Domain Admins' >>> SeDiskOperatorPrivilege -U'MYDOMAIN\administrator' >>> >>> Enter administrator's password: >>> >>> Could not connect to server 127.0.0.1 >>> >>> The username or password was not correct. >>> >>> Connection failed: NT_STATUS_LOGON_FAILURE >>> >>> >>> >>> I don?t know what happens with MEMBER2 because I followed the same >>> instructions on both servers (MEMBER1 & MEMBER2) >>> >>> 1- The 3 servers are installed with ?Ubuntu 14.04.1 LTS? + ?samba >>> 4.1.6? >>> >>> 2- https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server >>> >>> and then>>> >>> 3- >>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_wit >>> h >>> _ >>> Window >>> s_ACLs >>> >>> but I stopped in ?SeDiskOperatorPrivilege?L>>> >>> >>> >>> Any idea? Somebody can help me? >>> >>> Thanks in advance! >>> >>> Oscar >>> >>> >>> >> Try adding '-I <AD DC ipaddress>' >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > Ah yes, see what you mean, must engage brain and read the posts > properly before answering :-) > > If one member server works and the other doesn't, it would seem that > there must be something different between the two machines, all I can > suggest at the moment is to compare the relevant files (smb.conf, > krb5.conf, hosts etc) and make sure that they match (where they should). > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Well, these are the packages I install on Debian wheezy for a member server: acl attr quota samba samba-vfs-modules samba-common-bin samba-common samba-libs libwbclient0 samba-dsdb-modules libnss-winbind smbclient libpam-winbind libsmbclient winbind krb5-config libpam-krb5 krb5-user and these are the files I alter/check /etc/hosts /etc/resolv.conf /etc/samba/smb.conf /etc/samba/user.map /etc/krb5.conf /etc/nsswitch.conf user.map contains one line: !root = DOMAIN\Administrator DOMAIN\administrator Administrator administrator Both of the member servers that I can check work, it works on both of my DC's, so I can only think that it is either something mis-configured or a version mis-match or something is missing. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
I have a small correction on this.>https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshootingthis user mapping.. !root = SAMDOM\Administrator SAMDOM\administrator Administrator administrator should really be this user mapping.. !root = SAMDOM\Administrator SAMDOM\administrator If gives mixed results in the security tab in windows if you keep also keep : Administrator administrator in the user mapping file And if you do want them in, i suggest to use : BUILDIN\Administrator BUILDIN\administrator but imo should not be needed. and SID SAMDOM\Administrator is not the same as SID BUILDIN\Administrator Any other toughts about this? Louis